Powershell – Kloud Blog

Auditing Azure AD Registered Applications

19th of February, 2020 / Darren Robinson / No Comments

Azure AD Registered Applications are the Azure AD version of Active Directory Service Accounts. Over time, the number of them grow and grow, each having permissions to consume information from Azure AD and or Microsoft Graph. As an Administrator of Azure AD there is maintenance associated with these Registered Applications, namely credential validity and more important application validity.

Credential expiration associated with Azure AD Registered Applications is quickly visible via the Azure Portal. We can quickly see Current, Expired and Expiring Soon credentials as shown in the screenshot below.… [Keep reading] “Auditing Azure AD Registered Applications”

ChatOps for Azure Active Directory

28th of January, 2020 / Darren Robinson / No Comments

Last year I wrote Lithnet Microsoft Identity Manager plug-ins for PoshBot. After publishing those I developed the majority of a PoshBot plugin to enable ChatOps for Azure Active Directory. Finally with a little more bandwidth at the start of 2020 I’ve been able to put the finishing touches on the module and release it. ChatOps for Azure Active Directory using PoshBot is available from the PowerShell Gallery here and the source in GitHub here.… [Keep reading] “ChatOps for Azure Active Directory”

Sending and Querying Custom Log Data to Azure Monitor Logs

17th of January, 2020 / Darren Robinson / No Comments

Recently for a customer engagement we had the requirement to take log data from a 3rd party application and ingest it into Azure Log Analytics to make the data available in Azure Monitor. Sending Custom Log Data to Azure Monitor Logs is currently in Public Preview. This Microsoft article provides an overview of the capability.

In addition to the standard tiers of an application, you may need to monitor other resources that have telemetry that can’t be collected with the other data sources.… [Keep reading] “Sending and Querying Custom Log Data to Azure Monitor Logs”

SailPoint IdentityNow Security Configuration Report

10th of January, 2020 / Darren Robinson / No Comments

An IdentityNow Security Configuration Report of a SailPoint IdentityNow environment is a valuable artefact to have. I’ve previously documented examples for generating reports for;

But what about the configuration of items such as;

Global Security Settings Details
IWA Configuration Details
SSO SP Configuration Details
SSO IDP Configuration Details

The script (further below) leverages the SailPoint IdentityNow PowerShell Module to generate a HTML report of the configuration items listed above. It also exports the configuration of each of the above features to the output directory in XML format using the PowerShell Export-Clixml command.… [Keep reading] “SailPoint IdentityNow Security Configuration Report”

Release 1.0.6 SailPoint IdentityNow PowerShell Module

9th of January, 2020 / Darren Robinson / No Comments

I’ve just published v1.0.6 of the SailPoint IdentityNow PowerShell Module to both GitHub and the PowerShell Gallery. The Version 1.0.6 SailPoint IdentityNow PowerShell Module is a major update as it removes the previous dependency on the PowerShell Community Extensions (PSCX) module that was previously being used for its’ cryptography functions.

Key Updates;

The SailPoint IdentityNow PowerShell Module no longer has a dependency on the PowerShell Community Extensions (PSCX) module
- Whilst this simplifies the dependencies it also means that the SailPoint IdentityNow PowerShell Module is now PowerShell Core compatible.

… [Keep reading]

Zero-Touch BitLocker with PowerShell

7th of January, 2020 / Jesse Loudon / No Comments

The majority of IT engineers and architects traverse various forms of security on a daily basis ranging from our complex alphanumeric corporate logon passwords to the increasingly common MFA prompts on our mobiles. You could say that we have become experts in navigating modern security measures required to stay protected. But perhaps you’re not familiar in planning and rolling out that same security, at scale, to your organisation’s Windows laptops in the form of disk encryption.… [Keep reading] “Zero-Touch BitLocker with PowerShell”

x.509 Details – A PowerShell Module for decoding x.509 Certificates with time to certificate expiry

5th of December, 2019 / Darren Robinson / No Comments

I’ve just published my X509Details PowerShell Module to the PowerShell Gallery. The x.509 Details PowerShell Module contains the Get-X509Details cmdlet that decodes a base64 encoded PEM/CER format x.509 Certificate and converts it to a PowerShell Object. But wait, there’s more. The reason I created the x.509 Details PowerShell Module is because through automation I need to know what is the ‘Expiry Date’ for a certificate. The returned PowerShell Object from my Get-X509Details cmdlet in the X509Details Module also includes the expiry date-time in PowerShell DateTime format as ‘timeToExpiry‘.… [Keep reading] “x.509 Details – A PowerShell Module for decoding x.509 Certificates with time to certificate expiry”

Azure Backup PowerShell removal of backup protection of a Azure VM

2nd of December, 2019 / Lucian Franghiu / No Comments

Originally posted on Lucian.Blog. Follow Lucian on Twitter: @LucianFrango.

I’ve been looking at Azure Backup and migrating some Windows VM’s from one Recovery Services Vault to another. This is mainly because I’ve taken a look at some production deployed VM’s and found they were aligned to the reference architecture Disaster Recovery and Backup policies. Long story short, 6 VM’s needed to be moved to maintain consistency.

Things get interesting in that my previous level of access at a customer has changed and I’m time poor, so I thought I’d use PowerShell to achieve this faster.… [Keep reading] “Azure Backup PowerShell removal of backup protection of a Azure VM”

Microsoft Graph using MSAL with PowerShell

31st of October, 2019 / Darren Robinson / No Comments

Microsoft Authentication Libraries (MSAL) became Generally Available in May 2019 after a very long preview cycle whilst the libraries evolved to reach parity with its predecessor the Azure Active Directory Authentication Libraries (ADAL). I’ve previously used and written posts on leveraging ADAL libraries with PowerShell for Azure AD/Microsoft Graph integration using PowerShell. With some upcoming projects it’s time for me to start integrating with Microsoft Graph using MSAL with PowerShell. This post details how I transitioned from ADAL to MSAL and reduced my scripts by 60-300 lines depending on the integration.… [Keep reading] “Microsoft Graph using MSAL with PowerShell”

Generate SailPoint IdentityNow v2 & v3 API Credentials

24th of October, 2019 / Darren Robinson / No Comments

This post details how to generate SailPoint IdentityNow v2 and v3 API credentials. This method is valid as of Oct 2019 whereby v3 Credentials are now able to be generated via the SailPoint IdentityNow Portal and v2 Credentials can be generated via the IdentityNow API. v2 credentials are useful for some legacy API’s and API calls that are long running tasks (which thereby use Digest Auth) over using the v3 JWT method. These credentials can then be leveraged by the SailPoint IdentityNow PowerShell Module for IdentityNow orchestration tasks.… [Keep reading] “Generate SailPoint IdentityNow v2 & v3 API Credentials”